11import os
22import re
3- import time
4- import json
5- import copy
63from itertools import chain
7- from errbot import BotPlugin , re_botcmd , Message , botcmd
4+
5+ from errbot import BotPlugin , re_botcmd , Message
86from errbot .core import ErrBot
97from slack_sdk .errors import SlackApiError
10- from collections import namedtuple
118
129import config_template
1310from lib import ApproveHelper , create_sdm_service , MSTeamsPlatform , PollerHelper , \
1411 ShowResourcesHelper , ShowRolesHelper , SlackBoltPlatform , SlackRTMPlatform , \
1512 ResourceGrantHelper , RoleGrantHelper , DenyHelper , CommandAliasHelper , ArgumentsHelper , \
16- GrantRequestHelper , WhoamiHelper
13+ GrantRequestHelper , WhoamiHelper , MetricsHelper
1714from lib .util import normalize_utf8
1815from grant_request_type import GrantRequestType
1916
2522SHOW_ROLES_REGEX = r"show available roles"
2623FIVE_SECONDS = 5
2724ONE_MINUTE = 60
25+ MSG_ERROR_OCCURRED = "An error occurred, please contact your SDM admin"
2826
2927def get_callback_message_fn (bot ):
3028 def callback_message (msg ):
@@ -38,6 +36,14 @@ def callback_message(msg):
3836 ErrBot .callback_message (bot , msg )
3937 return callback_message
4038
39+ def get_send_simple_reply (bot ):
40+ def send_simple_reply (msg , text , private = False , threaded = False ):
41+ if text .startswith (MSG_ERROR_OCCURRED ):
42+ accessbot = bot .plugin_manager .plugins ['AccessBot' ]
43+ accessbot .get_metrics_helper ().increment_consecutive_errors ()
44+ return ErrBot .send_simple_reply (bot , msg , text , private = private , threaded = threaded )
45+ return send_simple_reply
46+
4147def get_platform (bot ):
4248 platform = bot .bot_config .BOT_PLATFORM if hasattr (bot .bot_config , 'BOT_PLATFORM' ) else None
4349 if platform == 'ms-teams' :
@@ -50,13 +56,15 @@ def get_platform(bot):
5056# pylint: disable=too-many-ancestors
5157class AccessBot (BotPlugin ):
5258 __grant_requests_helper = None
59+ __metrics_helper = None
5360 _platform = None
5461
5562 def activate (self ):
5663 super ().activate ()
5764 self ._platform = get_platform (self )
58- self ._bot .MSG_ERROR_OCCURRED = 'An error occurred, please contact your SDM admin'
65+ self ._bot .MSG_ERROR_OCCURRED = MSG_ERROR_OCCURRED
5966 self ._bot .callback_message = get_callback_message_fn (self ._bot )
67+ self ._bot .send_simple_reply = get_send_simple_reply (self ._bot )
6068 self .init_access_form_bot ()
6169 self .update_access_control_admins ()
6270 self ['auto_approve_uses' ] = {}
@@ -68,6 +76,8 @@ def activate(self):
6876 # If something doesn't need to be "instantiated" again we shouldn't be doing it
6977 if self .__grant_requests_helper is None :
7078 self .__grant_requests_helper = GrantRequestHelper (self )
79+ if self .__metrics_helper is None :
80+ self .__metrics_helper = MetricsHelper (self )
7181 self ._hide_utils_whoami_command ()
7282
7383 def _hide_utils_whoami_command (self ):
@@ -156,6 +166,7 @@ def access_resource(self, message, match):
156166 """
157167 Grant access to a resource (using the requester's email address)
158168 """
169+ self .__metrics_helper .increment_access_requests ()
159170 arguments = re .sub (ACCESS_REGEX , "\\ 1" , match .string .replace ("*" , "" ), flags = re .IGNORECASE )
160171 if re .match ("^role (.*)" , arguments , flags = re .IGNORECASE ):
161172 self .log .debug ("##SDM## AccessBot.access better match for assign_role" )
@@ -172,6 +183,7 @@ def access_resource(self, message, match):
172183 yield str (e )
173184 return
174185 yield from self .get_resource_grant_helper ().request_access (message , resource_name , flags = flags )
186+ self .__metrics_helper .reset_consecutive_errors ()
175187
176188 @re_botcmd (pattern = ASSIGN_ROLE_REGEX , flags = re .IGNORECASE , prefixed = False , re_cmd_name_help = "access to role role-name" )
177189 def assign_role (self , message , match ):
@@ -180,48 +192,58 @@ def assign_role(self, message, match):
180192 """
181193 if not self ._platform .can_assign_role (message ):
182194 return
195+ self .__metrics_helper .increment_access_requests ()
183196 role_name = re .sub (ASSIGN_ROLE_REGEX , "\\ 1" , match .string .replace ("*" , "" ), flags = re .IGNORECASE )
184197 yield from self .get_role_grant_helper ().request_access (message , role_name )
198+ self .__metrics_helper .reset_consecutive_errors ()
185199
186200 @re_botcmd (pattern = APPROVE_REGEX , flags = re .IGNORECASE , prefixed = False , hidden = True )
187201 def approve (self , message , match ):
188202 """
189203 Approve a grant (resource or role)
190204 """
205+ self .__metrics_helper .increment_received_messages ()
191206 access_request_id = re .sub (APPROVE_REGEX , r"\1" , match .string .replace ("*" , "" ), flags = re .IGNORECASE ).upper ()
192207 approver = message .frm
193208 yield from self .get_approve_helper ().execute (approver , access_request_id )
209+ self .__metrics_helper .reset_consecutive_errors ()
194210
195211 @re_botcmd (pattern = DENY_REGEX , flags = re .IGNORECASE , prefixed = False , hidden = True )
196212 def deny (self , message , match ):
197213 """
198214 Deny a grant request (resource or role)
199215 """
216+ self .__metrics_helper .increment_received_messages ()
200217 access_request_id = re .sub (DENY_REGEX , r"\1" , match .string .replace ("*" , "" ), flags = re .IGNORECASE ).upper ()
201218 denial_reason = re .sub (DENY_REGEX , r"\2" , match .string .replace ("*" , "" ), flags = re .IGNORECASE )
202219 admin = message .frm
203220 yield from self .get_deny_helper ().execute (admin , access_request_id , denial_reason )
221+ self .__metrics_helper .reset_consecutive_errors ()
204222
205223 #pylint: disable=unused-argument
206224 @re_botcmd (pattern = SHOW_RESOURCES_REGEX , flags = re .IGNORECASE , prefixed = False , re_cmd_name_help = "show available resources [--filter expression]" )
207225 def show_resources (self , message , match ):
208226 """
209227 Show all available resources
210228 """
229+ self .__metrics_helper .increment_received_messages ()
211230 if not self ._platform .can_show_resources (message ):
212231 return
213232 flags = self .get_arguments_helper ().extract_flags (message .body )
214233 yield from self .get_show_resources_helper ().execute (message , flags = flags )
234+ self .__metrics_helper .reset_consecutive_errors ()
215235
216236 #pylint: disable=unused-argument
217237 @re_botcmd (pattern = SHOW_ROLES_REGEX , flags = re .IGNORECASE , prefixed = False , re_cmd_name_help = "show available roles" )
218238 def show_roles (self , message , match ):
219239 """
220240 Show all available roles
221241 """
242+ self .__metrics_helper .increment_received_messages ()
222243 if not self ._platform .can_show_roles (message ):
223244 return
224245 yield from self .get_show_roles_helper ().execute (message )
246+ self .__metrics_helper .reset_consecutive_errors ()
225247
226248 @re_botcmd (pattern = r"whoami" , flags = re .IGNORECASE , prefixed = False , name = "accessbot-whoami" )
227249 def whoami (self , message , _ ):
@@ -279,17 +301,22 @@ def get_arguments_helper(self):
279301 def get_whoami_helper (self ):
280302 return WhoamiHelper (self )
281303
304+ def get_metrics_helper (self ):
305+ return self .__metrics_helper
306+
282307 def get_admin_ids (self ):
283308 return self ._platform .get_admin_ids ()
284309
285310 def enter_grant_request (self , request_id : str , message , sdm_object , sdm_account , grant_request_type : GrantRequestType , flags : dict = None ):
286311 self .__grant_requests_helper .add (request_id , message , sdm_object , sdm_account , grant_request_type , flags )
312+ self .__metrics_helper .increment_pending_requests ()
287313
288314 def grant_requests_exists (self , request_id : str ):
289315 return self .__grant_requests_helper .exists (request_id )
290316
291317 def remove_grant_request (self , request_id ):
292318 self .__grant_requests_helper .remove (request_id )
319+ self .__metrics_helper .decrement_pending_requests ()
293320
294321 def get_grant_request (self , request_id ):
295322 return self .__grant_requests_helper .get (request_id )
0 commit comments